Multiple vulnerabilities in Autodesk AutoCAD and AutoCAD-based products
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 11 |
| CVE-ID | CVE-2025-1427 CVE-2025-1649 CVE-2025-1650 CVE-2025-1428 CVE-2025-1429 CVE-2025-1651 CVE-2025-1430 CVE-2025-1432 CVE-2025-1433 CVE-2025-1431 CVE-2025-1652 |
| CWE-ID | CWE-457 CWE-125 CWE-122 CWE-119 CWE-416 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Autodesk AutoCAD Other software / Other software solutions AutoCAD Architecture Client/Desktop applications / Multimedia software AutoCAD Electrical Client/Desktop applications / Multimedia software AutoCAD Mechanical Client/Desktop applications / Multimedia software AutoCAD MEP Client/Desktop applications / Multimedia software AutoCAD Plant 3D Client/Desktop applications / Multimedia software Autodesk Civil 3D Client/Desktop applications / Multimedia software Advance Steel Client/Desktop applications / Multimedia software AutoCAD Map 3D Client/Desktop applications / Multimedia software |
| Vendor | Autodesk |
Security Bulletin
This security bulletin contains information about 11 vulnerabilities.
1) Use of Uninitialized Variable
EUVDB-ID: #VU105748
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-1427
CWE-ID:
CWE-457 - Use of Uninitialized Variable
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to uninitialized variable within the parsing of CATPRODUCT files. A remote attacker can trick a victim to open a specially crafted file and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAutodesk AutoCAD: 2025
AutoCAD Architecture: 2025
AutoCAD Electrical: 2025
AutoCAD Mechanical: 2025
AutoCAD MEP: 2025
AutoCAD Plant 3D: 2025
Autodesk Civil 3D: 2025
Advance Steel: 2025
AutoCAD Map 3D: 2025
CPE2.3- cpe:2.3:a:autodesk:autodesk_autocad:*:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autodesk_civil_3d:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*
https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001
https://www.zerodayinitiative.com/advisories/ZDI-25-162/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use of Uninitialized Variable
EUVDB-ID: #VU105750
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-1649
CWE-ID:
CWE-457 - Use of Uninitialized Variable
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to uninitialized variable within the parsing of CATPRODUCT files. A remote attacker can trick a victim to open a specially crafted file and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAutodesk AutoCAD: 2025.1
AutoCAD Architecture: 2025
AutoCAD Electrical: 2025
AutoCAD Mechanical: 2025
AutoCAD MEP: 2025
AutoCAD Plant 3D: 2025
Autodesk Civil 3D: 2025
Advance Steel: 2025
AutoCAD Map 3D: 2025
CPE2.3- cpe:2.3:a:autodesk:autodesk_autocad:2025.1:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autodesk_civil_3d:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*
https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001
https://www.zerodayinitiative.com/advisories/ZDI-25-159/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use of Uninitialized Variable
EUVDB-ID: #VU105751
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-1650
CWE-ID:
CWE-457 - Use of Uninitialized Variable
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to uninitialized variable within the parsing of CATPRODUCT files. A remote attacker can trick a victim to open a specially crafted file and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAutodesk AutoCAD: 2025.1
AutoCAD Architecture: 2025
AutoCAD Electrical: 2025
AutoCAD Mechanical: 2025
AutoCAD MEP: 2025
AutoCAD Plant 3D: 2025
Autodesk Civil 3D: 2025
Advance Steel: 2025
AutoCAD Map 3D: 2025
CPE2.3- cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autodesk_civil_3d:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*
https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001
https://www.zerodayinitiative.com/advisories/ZDI-25-158/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU105752
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-1428
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted CATPART file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system, leading to arbitrary code execution.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAutodesk AutoCAD: 2025.1
AutoCAD Architecture: 2025
AutoCAD Electrical: 2025
AutoCAD Mechanical: 2025
AutoCAD MEP: 2025
AutoCAD Plant 3D: 2025
Autodesk Civil 3D: 2025
Advance Steel: 2025
AutoCAD Map 3D: 2025
CPE2.3- cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autodesk_civil_3d:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*
https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001
https://www.zerodayinitiative.com/advisories/ZDI-25-161/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Heap-based buffer overflow
EUVDB-ID: #VU105759
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-1429
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted MODEL file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAutodesk AutoCAD: 2025.1
AutoCAD Architecture: 2025
AutoCAD Electrical: 2025
AutoCAD Mechanical: 2025
AutoCAD MEP: 2025
AutoCAD Plant 3D: 2025
Autodesk Civil 3D: 2025
Advance Steel: 2025
AutoCAD Map 3D: 2025
CPE2.3- cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autodesk_civil_3d:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*
https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001
https://www.zerodayinitiative.com/advisories/ZDI-25-160/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Heap-based buffer overflow
EUVDB-ID: #VU105768
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-1651
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted MODEL file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAutodesk AutoCAD: 2025.1
AutoCAD Architecture: 2025
AutoCAD Electrical: 2025
AutoCAD Mechanical: 2025
AutoCAD MEP: 2025
AutoCAD Plant 3D: 2025
Autodesk Civil 3D: 2025
Advance Steel: 2025
AutoCAD Map 3D: 2025
CPE2.3- cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autodesk_civil_3d:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*
https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001
https://www.zerodayinitiative.com/advisories/ZDI-25-157/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Buffer overflow
EUVDB-ID: #VU105770
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-1430
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted SLDPRT file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAutodesk AutoCAD: 2025.1
AutoCAD Architecture: 2025
AutoCAD Electrical: 2025
AutoCAD Mechanical: 2025
AutoCAD MEP: 2025
AutoCAD Plant 3D: 2025
Autodesk Civil 3D: 2025
Advance Steel: 2025
AutoCAD Map 3D: 2025
CPE2.3- cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autodesk_civil_3d:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*
https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001
https://www.zerodayinitiative.com/advisories/ZDI-25-156/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU105777
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-1432
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error. A remote attacker can trick a victim to open a specially crafted 3DM file and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAutodesk AutoCAD: 2025.1
AutoCAD Architecture: 2025
AutoCAD Electrical: 2025
AutoCAD Mechanical: 2025
AutoCAD MEP: 2025
AutoCAD Plant 3D: 2025
Autodesk Civil 3D: 2025
Advance Steel: 2025
AutoCAD Map 3D: 2025
CPE2.3- cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autodesk_civil_3d:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*
https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001
https://www.zerodayinitiative.com/advisories/ZDI-25-154/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Out-of-bounds read
EUVDB-ID: #VU105778
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-1433
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted MODEL file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system, leading to arbitrary code execution.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAutodesk AutoCAD: 2025.1
AutoCAD Architecture: 2025
AutoCAD Electrical: 2025
AutoCAD Mechanical: 2025
AutoCAD MEP: 2025
AutoCAD Plant 3D: 2025
Autodesk Civil 3D: 2025
Advance Steel: 2025
AutoCAD Map 3D: 2025
CPE2.3- cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autodesk_civil_3d:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*
https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001
https://www.zerodayinitiative.com/advisories/ZDI-25-155/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Out-of-bounds read
EUVDB-ID: #VU105779
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-1431
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted SLDPRT file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system, leading to arbitrary code execution.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAutodesk AutoCAD: 2025.1
AutoCAD Architecture: 2025
AutoCAD Electrical: 2025
AutoCAD Mechanical: 2025
AutoCAD MEP: 2025
AutoCAD Plant 3D: 2025
Autodesk Civil 3D: 2025
Advance Steel: 2025
AutoCAD Map 3D: 2025
CPE2.3- cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autodesk_civil_3d:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*
https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001
https://www.zerodayinitiative.com/advisories/ZDI-25-153/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Out-of-bounds read
EUVDB-ID: #VU105780
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-1652
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted MODEL file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system, leading to arbitrary code execution.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAutodesk AutoCAD: 2025.1
AutoCAD Architecture: 2025
AutoCAD Electrical: 2025
AutoCAD Mechanical: 2025
AutoCAD MEP: 2025
AutoCAD Plant 3D: 2025
Autodesk Civil 3D: 2025
Advance Steel: 2025
AutoCAD Map 3D: 2025
CPE2.3- cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autodesk_civil_3d:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*
- cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*
https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001
https://www.zerodayinitiative.com/advisories/ZDI-25-163/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
